Should kerberos user principals with instance work?
Christian G. Warden
cwarden at xerus.org
Fri Oct 6 15:56:56 EDT 2006
On Fri, Oct 06, 2006 at 03:34:58PM -0400, Kevin Coffman wrote:
> On 10/6/06, Christian G. Warden <cwarden at xerus.org> wrote:
> >I'm having trouble accessing files on an nfs4 (or nfs3) volume mounted with
> >sec=krb5 when using a kerberos principal which contains a non-null
> >instance.
> >Should principal sample/test at EXAMPLE.COM be able to access files owned
> >by sample?
> >
> >Thanks,
> >Christian
>
> I think this should work as long as your idmapping knows how to map
> this name. If you are using the default nss mapping, then it will be
> trying to map "sample/test" to a UID and will probably fail and wind
> up mapping to nfsnobody. (Assuming a Linux server.)
OK. I assume there's no support for rewriting names in rpc.idmapd. Any
idea whether it's possible to do so within nss_ldap or openldap?
Christian
More information about the NFSv4
mailing list